package com.xiaolong.shiro;

import javax.annotation.Resource;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

public class CustomFormAuthenticationFilter extends FormAuthenticationFilter {
	
	@Resource
	private SessionManager sessionManager;
	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception{
		HttpServletRequest httpServletRequest = (HttpServletRequest) request;
		Session session = SecurityUtils.getSubject().getSession();
		//s.getAttribute("validateCode");
		//HttpSession session = httpServletRequest.getSession();
		//取出session中的验证码
		String validateCode = (String) session.getAttribute("validateCode");
		//取出页面的验证码
		String randomcode = httpServletRequest.getParameter("randomcode"); 
		if(randomcode != null && validateCode != null && !validateCode.equals(randomcode)){
			 httpServletRequest.setAttribute("shiroLoginFailure", "kaptchaValidateFailed");//自定义登录异常  
			 return true;
		}
		return super.onAccessDenied(request, response);
	}
}
